In yet another example of its focus on imposing greater data security accountability, the New York Attorney General (“NYAG”) recently announced a significant settlement with Marymount Manhattan College (“the College”).  The settlement stems from a data breach to which the College was subject in 2021.  Following an investigation, which, according to the NYAG, revealed inadequacies

Yesterday, New York’s Department of Financial Services (“DFS”) announced another enforcement action under the state’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”).  According to the press release, OneMain Financial Group LLC (“OneMain”) will pay a $4.25 million penalty to New York State for alleged violations of Reg 500.  

In the

As noted in a prior post, New York’s Attorney General (“NYAG”) has made enforcement of the New York SHIELD Act  an enforcement priority. The SHIELD Act requires organizations handling personal information related to New York residents to maintain reasonable safeguards to protect that information.  Maintaining its focus on this area, the NYAG recently released

On August 17, 2022, New York announced an amendment to the Continuing Legal Education (CLE) Program Rules, which adds a requirement for attorneys to complete at least one CLE credit hour in Cybersecurity, Privacy, and Data Protection as part of fulfilling their CLE requirements.

New York barred attorneys will be required to comply starting July

On January 24, 2022, New York Attorney General Letitia James announced a $600,000 settlement agreement with EyeMed Vision Care, a vision benefits company, stemming from a 2020 data breach compromising the personal information of approximately 2.1 million individuals across the United States, including nearly 99,000 in New York State (the “Incident”).

This settlement was the

Earlier this month, New York Governor Kathy Hochul signed into a law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their activities in the workplace.  Civil Rights (CVR) Chapter 6, Article 5, Section 52-C*2 will take effect six months after enactment,

On May 13th, New York State Senator Kevin Thomas, Chair of NY’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”), a comprehensive consumer privacy law similar in kind to the California Consumer Privacy Act (“CCPA”), California Privacy Rights Act (“CPRA”), and Virginia’s Consumer Data Protection Act (“CDPA”).  The NYPA had been 

In 2018, the California Consumer Privacy Act (“CCPA”), which provides for an expansive array of privacy rights and obligations, was enacted.  At the time, it was reasonable to wonder whether California’s bold example would catalyze similar activity in other states.  It’s clear now that it has.   Virginia recently passed its own robust privacy law,

Dubbed the “Biometric Privacy Act,” New York Assembly Bill 27 (“BPA”) is virtually identical to the Biometric Information Privacy Act in Illinois, 740 ILCS 14 et seq. (BIPA). Enacted in 2008, BIPA only recently triggered thousands of class actions in Illinois. If the BPA is enacted in New York, it likely will not take as